Improved support for Helm Charts with native OCI integration
You can now publish and manage Helm charts in Cloudsmith using modern OCI-based workflows. Charts pushed via Helm V3 to our OCI-compatible registry are correctly identified in the UI and supported through a new dedicated endpoint: helm.oci.cloudsmith.io. These improvements build on our full support for OCI v1.1 compliance and make adopting Helm’s latest distribution model easier…
Streamlined access to Client Logs via our web app
We've introduced Client Logs into the new web app user interface, delivering a significantly improved experience for gaining visibility into package usage across your Cloudsmith workspace. Previously available in our legacy UI, Client Logs is now more performant, accessible, and interactive. This allows you to visualize, filter, and export information to better understand how your packages are consumed, whether by CI/CD pipelines, IDEs, or external consumers…
Cloudsmith Status Page has moved
The Cloudsmith status page is now available at https://status.cloudsmith.com. As part of this change, we’ve adopted a new incident management platform to improve how we manage incidents and communicate updates. The new platform gives us better tools to share clear, timely information when incidents happen and when they are resolved…
Verify the integrity of NuGet packages with native signing
Cloudsmith now supports natively signing all NuGet packages using an X.509 certificate. This feature enables consumers to verify a package’s repository signatures in native tooling using the NuGet or .NET CLI, ensuring integrity and authenticity…
Introducing dark mode 🌑
We are pleased to announce dark mode for Cloudsmith’s new web application. Dark mode is an essential feature for modern web applications, and has been a frequent customer request since the new web app was released in Early Access…
Better software artifact distribution with Broadcasts, now in early access
Cloudsmith customers can now create branded public repositories using our new distribution feature, Broadcasts. With Broadcasts, you can set up a custom domain, creating a single trusted place for users to access your software artifacts. Your users can discover packages, containers and SDKs, and download those artifacts right from the browser or pull them down using native tools like their IDE or CI/CD build systems…
Catch new vulnerabilities in your packages and images with recurring security scans
Ensuring your packages and container images remain secure over time can be challenging, especially as new vulnerabilities surface daily and can emerge long after a package is first introduced. With Cloudsmith, you can now set up recurring security scans of your packages and images to check for new vulnerabilities and use that updated information in Cloudsmith’s policy manager to notify users or quarantine the package…
Dart upstreams now support caching
For customers who use Cloudsmith for Dart packages, Cloudsmith now supports caching from upstream repositories including pub.dev, the official package repository for Dart. This simplifies handling of public Dart packages and enables key improvements such as package vulnerability scanning to enhance and better secure your package workflows.
Prior t…
Automatically generate SBOMs for container images
Cloudsmith now automatically generates SBOMs during package synchronization of container images. This provides a CycloneDX format SBOM accessible via the API, and significantly quickens container image re-scan times.
What are SBOMs?
SBOMs (or Software Bill Of Materials) serve as an inventory of components comprising a software package. Based on a…
Dart package security scanning
Cloudsmith has extended our support for security scanning to include Dart packages, helping customers who use Cloudsmith for Dart packages ship safe software.
Cloudsmith’s security scanning checks for Common Vulnerabilities and Exposures (CVEs). Package vulnerability scanning is a key step in securing your software delivery pipelines, and using pa…